<!DOCTYPE HTML>
<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<title>简易留言本</title>
<link rel="stylesheet" href="text.css" type="text/css" />
</head>
<body>
<hi>简易留言板</hi>
<div>
    <form action="index.php" method="post">
		<table brder="1" bgcolor="#B3B3B3" border="0" cellpadding="5" cellspacing="1" width="940" align="center">
			<tbody><tr>
				<td bgcolor="#FFFFFF" width="90" align="center">*昵称：</td>
				<td bgcolor="#FFFFFF" width="360"><input name="user" type="text">
				</td>
			</tr>

			<tr>
				<td bgcolor="#FFFFFF" align="center">*留言内容：</td>
				<td colspan="3" bgcolor="#FFFFFF"><textarea name="content" rows="5" cols="90"></textarea>
				</td>
			</tr>
			<tr>
				<td colspan="4" bgcolor="#FFFFFF" align="center">
					<input name="submit" value="提交" type="submit">
				</td>
				</tr>
			</tbody>
		</table>
	</form>
</div>
	<table border="0" cellpadding="0" cellspacing="0" width="100%">
		<tbody>
		  <tr>
			<td height="5"></td>
		  </tr>
		</tbody>
	</table>
<div>
	<table bgcolor="#B3B3B3" border="0" cellpadding="5" cellspacing="1" width="940" align="center">
		<tr>
			<th bgcolor="#EBEBEB">我们都在说：</th>
		</tr>
	
<?php
//连接数据库
$link = @mysqli_connect('localhost','root','','message','3306');
if (!$link) {
    die('Connect Error (' . mysqli_connect_errno() . ') '
            . mysqli_connect_error());
}
//发送查询
mysqli_query($link,'use message');
mysqli_query($link,'set names utf8');
//POST数据转义
$user = filter_input(INPUT_POST,'user',FILTER_SANITIZE_SPECIAL_CHARS);
$content = filter_input(INPUT_POST,'content',FILTER_SANITIZE_SPECIAL_CHARS);
if ($user != '' and $content!='')
{
//接受POST数据
$sql1 = "INSERT INTO message (user,content,time) values ('".$user."','".$content."',".time().")";
if ( mysqli_real_query ($link,$sql1))
{echo '';}
else{'留言失败';}
}
//查询
$sql2 = 'select * from message order by id desc';
if ($result = mysqli_query($link, $sql2)) 
{	
    while ($row = mysqli_fetch_assoc($result)) 
	{
		@$putime=date('Y-m-d H:i:s', $row['time']);
		printf ("<tr><td><font>%s</font>", $row["user"]);
		echo "		<em>[留言时间:",$putime,"]"."</em></td>";
		printf ("<tr><td>%s</td></tr>",$row["content"]);;
    }
    mysqli_free_result($result);
}
echo "</table></div></body></html>";
mysqli_close($link);
?>